Happy gnu year

Posted January 1st, 2015 by Werner

to everyone and a big thank you to all supporters of GnuPG. It is
awesome to see that GnuPG and its makers received a lot of attention
in the last weeks of 2014. This is really appreciated by all of us.
Speaking of me, the donations allow me to keep on working on free
software and GnuPG in particular — at least for the next months.

Early December friends reminded me that it is the time to kick off a
donation campaign to secure the future of GnuPG. They supported me
with a press release which was republished by others (e.g. Cory
Doctorow) and soon many small and larger donations started to fill up
the donation status bar with a bit of green. I was not just amazed by
the financial support but also by the many encouraging messages to us
developers like Keep the excellent work! Please!, Thanks for
keeping us safe an protecting our basic human rights., You guys are
great! Safe communication should be a right., Thank you so much for
this hard work. You're truly directing us toward a better world,
GPG is important software for our society's future,
Thanks for doing great work. I know it's under appreciated, but it's absolutely
necessary, Please keep it up, guys, and run further donation rounds
if you need money. If GPG goes down, we'll all be at a loss, or
freedom of thought, freedom of speech, freedom of information. Up
until today we received more than a quarter of the campaign’s goal and
donations are still coming in. Let me add that my work on GnuPG would
have not been possible without the incredible support of my family who
deserve all my thanks.

At the 31C3 the Reconstructing narratives lecture (video) told us
again about the depressingly sad state of our world regarding to
freedom and humanity. It was also reported that most of our secure
electronic communication methods don’t do what we expected from them
– with the exception of a very few tools, GPG (i.e. GnuPG) being one
of them.

With the raised attention towards securing our communication and to
help preserving us from a world nobody wants to have, we need to
improve GnuPG and its frontends. They need to be easy usable by
everyone and be a standard part of every communication device much
like the ubiquitous web browser. It will take time and a lot of effort
to do that. I am confident that with enough support we can achieve
that goal. Now let us look forward and see what is on the list.

As a prerequisite we need to establish a solid organizational
framework to free developers of tasks they are not best in, like
looking for money, running funding campaigns, preparing paperwork for
donation programs, and talking to ties and non-techies.

We need better and streamlined documentation. For example, there are
lots of different HOWTOs and other documents explaining the use of
GnuPG and frontend applications. Many of them are outdated and
some documents contradicts each other. Thus the goal is to prepare a
canonical set of documentation to support all kind of users. See and
use the Wiki if you are interested to help.

Enigmail is one of the most used mailer frontends for GnuPG and thus
should be a primary target for improvements. There are currently only
two spare time developers for it — despite that some smaller bugs
make it sometimes hard to use for a beginner. This needs to be
changed by improving the communication between the developers and
finding the resources to assign a paid developer to it.

The network of OpenPGP keyservers works quite well for the relatively
small active user base. For a mass use of it we need to add a few
things or start to deploy an easier method for retrieving keys. This
is essential for making mail encryption the default on the net.

Although the use of proprietary platforms supports the spook’s
surveillance programs, it is a pipe dream to believe that free
operating systems like Linux or FreeBSD can completely replace
Windows, Mac OS, and Android any time soon. Improving our crypto
tools on those platforms is thus essential to help those users and to
trigger a network effect to make encrypted communication the default.
For GnuPG this means to make the core components available on these
platforms using a standard unattended installer, so that frontend
applications (like Enigmail) can easily install it if not yet
available. Separating the GnuPG core from the frontend applications
also allows for an automatic update procedure to be prepared for
possible security relevant bugs and to be able to easily deploy new
algorithms as soon as the needs arises.

As stated in the press release a second full time developer for GnuPG
is required to avoid relying mostly on me. Keep in mind that even
after having secured enough funds it will take some time to find a
developer and it will also take some months until s/he is up to my
maintenance experience. Nevertheless, we need to bear these
additional costs.

In general we need to simplify the the user interfaces of most
frontends and make it easier start with and keep on using encryption.
A dedicated developers meeting will be the first step towards this.